Terraform variable clean-up and creation (#317)

* Terraform variable clean-up and creation * wip * - * add different env configs for state * rm non-used vars * wip * wip * add networking vars --------- Co-authored-by: Administrator <[email protected]>
CDCgov · Oct 16, 2024 · 802b14e · 802b14e
1 parent dc6c1b4
commit 802b14e
Show file tree

Hide file tree

Showing 25 changed files with 166 additions and 130 deletions.
diff --git a/ops/terraform/config/dev.config b/ops/terraform/config/dev.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/config/dev2.config b/ops/terraform/config/dev2.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev2.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/config/dev3.config b/ops/terraform/config/dev3.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev3.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/config/dev4.config b/ops/terraform/config/dev4.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev4.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/config/dev5.config b/ops/terraform/config/dev5.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev5.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/config/dev6.config b/ops/terraform/config/dev6.config
@@ -0,0 +1,4 @@
+    storage_account_name = "tfstaterv2024"
+    container_name       = "rv-tfstate"
+    key                  = "dev6.terraform.tfstate"
+    use_oidc             = true
diff --git a/ops/terraform/data.tf b/ops/terraform/data.tf
@@ -1,3 +1,3 @@
-data "azurerm_resource_group" "dev" {
+data "azurerm_resource_group" "rg" {
   name = var.resource_group_name
 }
diff --git a/ops/terraform/locals.tf b/ops/terraform/locals.tf
@@ -2,24 +2,54 @@ locals {
   environment = "${terraform.workspace}"
   init = {
     environment         = local.environment
-    resource_group_name = "reportvision-rg-${terraform.workspace}"
     location            = "eastus2"
   }
-  network = {
-    config = {
+  dev = {
+    dev = {
       vnetcidr      = "10.0.0.0/16"
-      websubnetcidr = "10.0.1.0/24"
-      appsubnetcidr = "10.0.2.0/24"
-      dbsubnetcidr  = "10.0.3.0/24"
-      lbsubnetcidr  = "10.0.4.0/24"
+      appsubnetcidr = "10.0.1.0/24"
+      websubnetcidr = "10.0.2.0/24"
+      lbsubnetcidr  = "10.0.2.0/24"
     }
   }
-  app = {
-    web_host_name   = "webserver"
-    web_username    = "web_user"
-    web_os_password = "@Webuser1"
-    app_host_name   = "appserver"
-    app_username    = "app_user"
-    app_os_password = "@Appuser1"
+  dev2 = {
+    dev2 = {
+      vnetcidr      = "10.2.0.0/16"
+      appsubnetcidr = "10.2.1.0/24"
+      websubnetcidr = "10.2.2.0/24"
+      lbsubnetcidr  = "10.2.3.0/24"
+    }
+  }
+  dev3 = {
+    dev3 = {
+      vnetcidr      = "10.3.0.0/16"
+      appsubnetcidr = "10.3.1.0/24"
+      websubnetcidr = "10.3.2.0/24"
+      lbsubnetcidr  = "10.3.3.0/24"
+    }
+  }
+  dev4 = {
+    dev4 = {
+      vnetcidr      = "10.4.0.0/16"
+      appsubnetcidr = "10.4.1.0/24"
+      websubnetcidr = "10.4.2.0/24"
+      lbsubnetcidr  = "10.4.3.0/24"
+    }
+  }
+  dev5 = {
+    dev5 = {
+      vnetcidr      = "10.5.0.0/16"
+      appsubnetcidr = "10.5.1.0/24"
+      websubnetcidr = "10.5.2.0/24"
+      lbsubnetcidr  = "10.5.3.0/24"
+    }
+  }
+  dev6 = {
+    dev6 = {
+      vnetcidr      = "10.6.0.0/16"
+      appsubnetcidr = "10.6.1.0/24"
+      websubnetcidr = "10.6.2.0/24"
+      lbsubnetcidr  = "10.6.3.0/24"
+    }
   }
 }
diff --git a/ops/terraform/main.tf b/ops/terraform/main.tf
@@ -1,7 +1,10 @@
 locals {
+  workspaces = "${merge(local.dev, local.dev2, local.dev3, local.dev4, local.dev5, local.dev6)}"
+  workspace  = "${local.workspaces[terraform.workspace]}"
+
   management_tags = {
     environment    = local.environment
-    resource_group = data.azurerm_resource_group.dev.name
+    resource_group = data.azurerm_resource_group.rg.name
   }
 }
 
@@ -10,13 +13,13 @@ locals {
 ##########
 module "networking" {
   source         = "./modules/network"
-  location       = data.azurerm_resource_group.dev.location
-  resource_group = data.azurerm_resource_group.dev.name
-  vnetcidr       = local.network.config.vnetcidr
-  websubnetcidr  = local.network.config.websubnetcidr
-  appsubnetcidr  = local.network.config.appsubnetcidr
-  lbsubnetcidr   = local.network.config.lbsubnetcidr
-  dbsubnetcidr   = local.network.config.dbsubnetcidr
+  name           = var.name
+  location       = data.azurerm_resource_group.rg.location
+  resource_group = data.azurerm_resource_group.rg.name
+  vnetcidr       = local.workspace["vnetcidr"]
+  websubnetcidr  = local.workspace["websubnetcidr"]
+  lbsubnetcidr   = local.workspace["lbsubnetcidr"]
+  # dbsubnetcidr   = local.network.config.dbsubnetcidr
   env            = local.environment
 }
 
@@ -26,19 +29,20 @@ module "networking" {
 
 module "securitygroup" {
   source         = "./modules/security"
-  location       = data.azurerm_resource_group.dev.location
-  resource_group = data.azurerm_resource_group.dev.name
+  name           = var.name
+  location       = data.azurerm_resource_group.rg.location
+  resource_group = data.azurerm_resource_group.rg.name
   web_subnet_id  = module.networking.websubnet_id
-  app_subnet_id  = module.networking.appsubnet_id
-  db_subnet_id   = module.networking.dbsubnet_id
+  # db_subnet_id   = module.networking.dbsubnet_id
   lb_subnet_id   = module.networking.lbsubnet_id
   env            = local.environment
 }
 
 module "app_gateway" {
   source                  = "./modules/app_gateway"
-  resource_group_location = data.azurerm_resource_group.dev.location
-  resource_group_name     = data.azurerm_resource_group.dev.name
+  name                    = var.name
+  resource_group_location = data.azurerm_resource_group.rg.location
+  resource_group_name     = data.azurerm_resource_group.rg.name
 
   blob_endpoint = module.storage.primary_web_host
   web-subnet    = module.networking.lbsubnet_id
@@ -55,8 +59,9 @@ module "app_gateway" {
 
 module "storage" {
   source          = "./modules/storage"
-  location        = data.azurerm_resource_group.dev.location
-  resource_group  = data.azurerm_resource_group.dev.name
+  name            = var.name
+  location        = data.azurerm_resource_group.rg.location
+  resource_group  = data.azurerm_resource_group.rg.name
   env             = local.environment
   management_tags = local.management_tags
   app_gateway_ip  = module.app_gateway.app_gateway_ip
@@ -68,18 +73,19 @@ module "storage" {
 ##########
 
 module "ocr_api" {
-  source         = "./modules/app_service"
-  location       = local.init.location
-  resource_group = data.azurerm_resource_group.dev.name
-  app_subnet_id  = module.networking.lbsubnet_id
-  env            = local.environment
-  vnet           = module.networking.network_name
+  source               = "./modules/app_service"
+  name                 = var.name
+  location             = local.init.location
+  resource_group       = data.azurerm_resource_group.rg.name
+  app_subnet_id        = module.networking.lbsubnet_id
+  env                  = local.environment
+  vnet                 = module.networking.network_name
 }
 
 # module "compute" {
 #   source         = "./modules/container_instances"
-#   location       = data.azurerm_resource_group.test.location
-#   resource_group = data.azurerm_resource_group.test.name
+#   location       = data.azurerm_resource_group.rg.location
+#   resource_group = data.azurerm_resource_group.rg.name
 #   environment    = local.environment
 #   app_subnet     = module.networking.appsubnet_id
 #   # web_subnet_id   = module.networking.websubnet_id

diff --git a/ops/terraform/modules/app_gateway/main.tf b/ops/terraform/modules/app_gateway/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_public_ip" "lb-pip" {
-  name                = "reportvision-pip-lb-${var.env}"
+  name                = "${var.name}-pip-lb-${var.env}"
   resource_group_name = var.resource_group_name
   location            = var.resource_group_location
   allocation_method   = "Static"
@@ -10,25 +10,25 @@ resource "azurerm_public_ip" "lb-pip" {
 
 # since these variables are re-used - a locals block makes this more maintainable
 locals {
-  backend_address_pool_name_static = "${var.vnet-name}-beap-static"
-  backend_address_pool_name_api    = "${var.vnet-name}-beap-api"
-  frontend_port_name_api           = "${var.vnet-name}-feport-api"
-  frontend_port_name_static        = "${var.vnet-name}-feport-static"
-  frontend_ip_configuration_name   = "${var.vnet-name}-feip"
-  http_setting_name_static         = "${var.vnet-name}-be-htst-static"
-  http_setting_name_api            = "${var.vnet-name}-be-htst-api"
-  listener_name_static             = "${var.vnet-name}-httplstn-static"
-  listener_name_api                = "${var.vnet-name}-httplstn-api"
-  request_routing_rule_name_api    = "${var.vnet-name}-rqrt-api"
-  request_routing_rule_name_static = "${var.vnet-name}-rqrt-static"
-  redirect_configuration_name      = "${var.vnet-name}-rdrcfg"
-  static_probe_name_app            = "${var.vnet-name}-be-probe-app-static"
-  api_probe_name_app               = "${var.vnet-name}-be-probe-app-api"
-  redirect_rule                    = "${var.vnet-name}-redirect"
+  backend_address_pool_name_static = "${var.name}-${var.env}-beap-static"
+  backend_address_pool_name_api    = "${var.name}-${var.env}-beap-api"
+  frontend_port_name_api           = "${var.name}-${var.env}-feport-api"
+  frontend_port_name_static        = "${var.name}-${var.env}-feport-static"
+  frontend_ip_configuration_name   = "${var.name}-${var.env}-feip"
+  http_setting_name_static         = "${var.name}-${var.env}-be-htst-static"
+  http_setting_name_api            = "${var.name}-${var.env}-be-htst-api"
+  listener_name_static             = "${var.name}-${var.env}-httplstn-static"
+  listener_name_api                = "${var.name}-${var.env}-httplstn-api"
+  request_routing_rule_name_api    = "${var.name}-${var.env}-rqrt-api"
+  request_routing_rule_name_static = "${var.name}-${var.env}-rqrt-static"
+  redirect_configuration_name      = "${var.name}-${var.env}-rdrcfg"
+  static_probe_name_app            = "${var.name}-${var.env}-be-probe-app-static"
+  api_probe_name_app               = "${var.name}-${var.env}-be-probe-app-api"
+  redirect_rule                    = "${var.name}-${var.env}-redirect"
 }
 
 resource "azurerm_application_gateway" "load_balancer" {
-  name                = "reportvision-appgateway-${var.env}"
+  name                = "${var.name}-appgateway-${var.env}"
   resource_group_name = var.resource_group_name
   location            = var.resource_group_location
 
@@ -39,7 +39,7 @@ resource "azurerm_application_gateway" "load_balancer" {
   }
 
   gateway_ip_configuration {
-    name      = "reportvision-gateway-ip-configuration"
+    name      = "${var.name}-gateway-ip-configuration"
     subnet_id = var.web-subnet
   }
 
@@ -55,7 +55,6 @@ resource "azurerm_application_gateway" "load_balancer" {
     port                                = 80
     protocol                            = "Http"
     request_timeout                     = 60
-    path                                = "/"
     pick_host_name_from_backend_address = true
     probe_name                          = local.static_probe_name_app
   }
@@ -84,7 +83,6 @@ resource "azurerm_application_gateway" "load_balancer" {
     port                                = 80
     protocol                            = "Http"
     request_timeout                     = 120
-    path                                = "/api"
     pick_host_name_from_backend_address = true
     probe_name                          = local.api_probe_name_app
   }
@@ -154,31 +152,31 @@ resource "azurerm_application_gateway" "load_balancer" {
 
 
   url_path_map {
-    name                               = "${var.vnet-name}-urlmap"
+    name                               = "${var.name}-${var.env}-urlmap"
     default_backend_address_pool_name  = local.backend_address_pool_name_static
     default_backend_http_settings_name = local.http_setting_name_static
-    default_rewrite_rule_set_name      = "mde-routing"
+    default_rewrite_rule_set_name      = "${var.name}-routing"
 
     path_rule {
       name                       = "api"
-      paths                      = ["/api/*", "/api"]
+      paths                      = ["/ocr-api/*", "/ocr-api"]
       backend_address_pool_name  = local.backend_address_pool_name_api
       backend_http_settings_name = local.http_setting_name_api
       // this is the default, why would we set it again?
       // because if we don't do this we get 404s on API calls
-      rewrite_rule_set_name = "mde-routing"
+      rewrite_rule_set_name = "${var.name}-routing"
     }
   }
   rewrite_rule_set {
-    name = "mde-routing"
+    name = "${var.name}-routing"
 
     rewrite_rule {
-      name          = "api-wildcard"
+      name          = "ocr-api-wildcard"
       rule_sequence = 101
       condition {
         ignore_case = true
         negate      = false
-        pattern     = ".*api/(.*)"
+        pattern     = ".*ocr-api/(.*)"
         variable    = "var_uri_path"
       }
 

diff --git a/ops/terraform/modules/app_gateway/variables.tf b/ops/terraform/modules/app_gateway/variables.tf
@@ -1,7 +1,4 @@
-variable "vnet-name" {
-  type    = string
-  default = "reportvision-dev"
-}
+variable "name" {}
 variable "resource_group_name" {}
 variable "resource_group_location" {}
 variable "web-subnet" {}

diff --git a/ops/terraform/modules/app_service/main.tf b/ops/terraform/modules/app_service/main.tf
@@ -3,15 +3,15 @@ locals {
 }
 
 resource "azurerm_service_plan" "asp" {
-  name                = "${var.name_ocr}-appserviceplan-${var.env}"
+  name                = "${var.name}-ocr-appserviceplan-${var.env}"
   location            = var.location
   os_type             = "Linux"
   resource_group_name = var.resource_group
   sku_name            = var.sku_name
 }
 
 resource "azurerm_linux_web_app" "linux_webapp" {
-  name                          = "${var.name_ocr}-${var.env}"
+  name                          = "${var.name}-ocr-${var.env}"
   https_only                    = var.https_only
   location                      = var.location
   resource_group_name           = var.resource_group
@@ -33,11 +33,6 @@ resource "azurerm_linux_web_app" "linux_webapp" {
     ftps_state                        = "Disabled"
     vnet_route_all_enabled            = false
 
-    # application_stack {
-    #   docker_image_name   = "cdcgov/reportvision-ocr-api:derek-main-dev"
-    #   docker_registry_url = "https://ghcr.io"
-    # }
-
     ip_restriction {
       virtual_network_subnet_id = var.app_subnet_id
       action                    = "Allow"

diff --git a/ops/terraform/modules/app_service/variables.tf b/ops/terraform/modules/app_service/variables.tf
@@ -1,17 +1,13 @@
 variable "env" {}
+variable "name" {}
 variable "resource_group" {}
 variable "location" {}
-variable "name_ocr" {
-  default = "reportvision-ocr-api"
-}
+
 variable "app_subnet_id" {}
 variable "sku_name" {
   default = "P1v3"
 }
 
-variable "az_account" {
-  default = "reportvision"
-}
 
 variable "https_only" {
   type    = bool

diff --git a/ops/terraform/modules/compute/variables.tf b/ops/terraform/modules/compute/variables.tf
@@ -1,4 +1,5 @@
 variable "resource_group" {}
+variable "name" {}
 variable "location" {}
 variable "web_subnet_id" {}
 variable "app_subnet_id" {}

diff --git a/ops/terraform/modules/container_instances/main.tf b/ops/terraform/modules/container_instances/main.tf
@@ -1,5 +1,5 @@
 resource "azurerm_container_group" "example" {
-  name                = "reportvision-ocr"
+  name                = "${var.name}-cg"
   location            = var.location
   resource_group_name = var.resource_group
   ip_address_type     = "Private"